BlackBerryForums.com : Your Number One BlackBerry Community      

»Sponsored Links


BlackBerryApps.com Best Sellers



Closed Thread
 
LinkBack Thread Tools
  (#1 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 8320/8820 Enterprise Wi-Fi PEAP Support - 10-04-2007, 12:28 PM

Has anyone been successful getting Enterprise Wi-Fi setup on a 8320/8820 using PEAP security? We have been working with both Cisco and RIM the past several days but have had no luck so far -- cases are still pending from both vendors.

Here is our environment:

WLAN Hardware:
Cisco Wireless LAN Controllers
Cisco Aironet 1000 Series Lightweight Access Points

Authentication/Security:
802.1X to Microsoft IAS RADIUS server (Windows Server 2003 SP1) authenticating against Active Directory (AD)
Authetication-Type: PEAP
EAP-Type: EAP-MSCHAP v2
Server Certificate: CA Signed certificate from VeriSign Class 3 Secure Server CA

We had to load the VeriSign Class 3 Secure Server CA certificate on the BB devices (8320 & 8820), but we have a valid certificate chain and have confirmed the certificates by their serial numbers.

BlackBerry Wi-Fi Device setup:
Security Type: PEAP
Username: <username>
Password: <password>
CA Certificate: VeriSign Class 3 Secure Server CA
Inner link security: EAP-MS-CHAP v2
Server Subject: wifisecurity.example.com
Server SAN: <blank>

Both the 8820 from AT&T and the 8320 from T-Mobile are failing. We are seeing some interesting stuff on the wireless sniffer, but was interested if anyone else has gotten PEAP to work successfully on these devices.
   
Sponsored Links
Please Login or Register to Remove these Advertisements!

  (#2 (permalink)) Old
getmetty Offline
New Member
 
Posts: 5
Join Date: Nov 2005
Model: 7290
Carrier: Tmobile
Default 10-06-2007, 10:37 PM

What does the error say on the BB? (Options - Wi-Fi Connections-Menu-Wi-Fi Diagnostics, change the display mode to Advanced)

Can you share what the IAS log says when it fails?

Are the user's credentials successful when using the same on a laptop?
   
  (#3 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 10-07-2007, 09:51 PM

Below is a sample of what we see in the IAS logs for these BlackBerry 8320 and 8820 users. This particular user works fine on a laptop or on a Windows Mobile 6 device (ie: T-Mobile Dash).

User <USER> was denied access.
Fully-Qualified-User-Name = example.com/Users-Developer/<USER>
NAS-IP-Address = 10.123.30.11
NAS-Identifier = WLC-1
Called-Station-Identifier = 00-0B-85-XX-XX-XX:wlan
Calling-Station-Identifier = 00-1C-CC-1C-XX-XX
Client-Friendly-Name = WLC-1
Client-IP-Address = 10.123.30.11
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 1
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless Authentication - Allow
Authentication-Type = PEAP
EAP-Type = <undetermined>
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client configuration.


The above info tells me the encrypted password portion of the authentication is not occurring because IAS can not determine the EAP type.

We next turned to a wireless sniffer to compare a Windows XP host with a BlackBerry 8320/8820. The only difference in the authentication process is that the BlackBerry device(s) respond with a SSL/TLS encryption error after the certificate is sent from the RADIUS server. Basically the PEAP process starts, the username get passed, and the IAS (RADIUS) server sends the certificate information for the SSL/TLS encryption. Once the last certificate packet is acked, the BlackBerry responds with SSL/TLS encryption failure and is then DeAuthed from the Access Point.

In the advanced Wi-Fi diagnostic tool on both BlackBerry devices it indicates a W010 Error: Wifi Association Failed.

I am down to two theories as to root cause at this time:
  1. BlackBerry 802.1X supplicant problem
  2. PEAP Misconfiguraiton on the BlackBerry devices
Another thing we tried was modifying the 'Server Subject' field format on the BlackBerry devices putting the fully qualified subject name of our server certificate (ie: CN=wifisecurity.example.com,OU=IT,O=Company, etc) but no change -- same errors. RIM support has indicated this field only needs to be populated with the hostname on the certificate (ie: wifisecurity.example.com or also known as the certificate "friendly name"). It was worth a shot...

Cisco TAC has also come back after analyzing our logs and sniffer traces and believes, at this time, the issue is with the BlackBerry device(s).

We really wish we could share our findings with some RIM engineers or developers. Someone somewhere knows what is going on or how to collect more detailed debugging information from the BlackBerry 802.1X supplicant.

Last edited by pilotmike : 10-07-2007 at 09:53 PM.
   
  (#4 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 10-10-2007, 09:06 AM

We worked with RIM for several hours yesterday and had a really good customer support rep. RIM has started to ask us good questions, unfortunately, no breakthrough type stuff yet.

Our plan for today is to work with an escalation manager contact at RIM and see if we can get some development or engineering resources (normal customer support reps to not have access to these resources) to at least look at our wireless packet capture. We know that the PEAP process is breaking when the BlackBerry sends back a TLS decrypt error after the certificate is sent from the IAS (RADIUS) Server.

Looks like others in an 802.1X PEAP MS-CHAP v2 WiFi environment are starting to post of problems in other forums too. I knew we could not be the only ones having this issue...

Wi fi conncetion problem with 8820 - RIM BlackBerry Wireless Forums
   
  (#5 (permalink)) Old
wesly Offline
Knows Where the Search Button Is
 
Posts: 16
Join Date: Sep 2007
Model: 8820
PIN: N/A
Carrier: AT&T
Default 10-13-2007, 03:27 PM

Hmm. I was able to get both an 8820 and 8320 working on our wifi network at the office. We also use PEAP and radius security. I also had to add a certificate to both bb's b/c the default ones don't match what we are running. That is the only extra thing I had to add. In your setting you indicate a server subject. I don't have anything entered for mine so have you tried eliminating that? Sorry wish I could offer more.

Quote:
Originally Posted by pilotmike View Post
Has anyone been successful getting Enterprise Wi-Fi setup on a 8320/8820 using PEAP security? We have been working with both Cisco and RIM the past several days but have had no luck so far -- cases are still pending from both vendors.

Here is our environment:

WLAN Hardware:
Cisco Wireless LAN Controllers
Cisco Aironet 1000 Series Lightweight Access Points

Authentication/Security:
802.1X to Microsoft IAS RADIUS server (Windows Server 2003 SP1) authenticating against Active Directory (AD)
Authetication-Type: PEAP
EAP-Type: EAP-MSCHAP v2
Server Certificate: CA Signed certificate from VeriSign Class 3 Secure Server CA

We had to load the VeriSign Class 3 Secure Server CA certificate on the BB devices (8320 & 8820), but we have a valid certificate chain and have confirmed the certificates by their serial numbers.

BlackBerry Wi-Fi Device setup:
Security Type: PEAP
Username: <username>
Password: <password>
CA Certificate: VeriSign Class 3 Secure Server CA
Inner link security: EAP-MS-CHAP v2
Server Subject: wifisecurity.example.com
Server SAN: <blank>

Both the 8820 from AT&T and the 8320 from T-Mobile are failing. We are seeing some interesting stuff on the wireless sniffer, but was interested if anyone else has gotten PEAP to work successfully on these devices.
   
  (#6 (permalink)) Old
ixtab Offline
Thumbs Must Hurt
 
Posts: 116
Join Date: Jul 2007
Model: 8820
PIN: N/A
Carrier: at&t
Default 10-13-2007, 10:44 PM

Wesly, in my case there is no server certificate (none is required by Windows when I connect via my notebook), it seems that the BB does not allow this scenario (PEAP without a certificate) :(
   
  (#7 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 10-14-2007, 08:26 PM

We did try blanking the server subject out and we also tried to load the server cert in addition to the intermediate CA cert on the BB, but with no luck.

Still nothing back from the RIM escalation team, but hope to hear something tomorrow...
   
  (#8 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 10-14-2007, 08:33 PM

Quote:
Originally Posted by ixtab View Post
Wesly, in my case there is no server certificate (none is required by Windows when I connect via my notebook), it seems that the BB does not allow this scenario (PEAP without a certificate) :(
I was my understanding that PEAP without a certificate was LEAP? Am I wrong about that?

In our environment PEAP uses a server certificate for the password encryption (SSL/TLS) between client and RAIDUS server.

Wi-Fi security is so much "fun"...
   
  (#9 (permalink)) Old
stawBerry Offline
New Member
 
Posts: 4
Join Date: Oct 2007
Model: 8320
PIN: N/A
Carrier: t-mobile
Default 10-15-2007, 08:15 PM

Im also having problems with this. First of all how do i even get the certification on to the blackberry.
hopefully this gets solved

thanks for your effort
   
  (#10 (permalink)) Old
snapp Offline
Knows Where the Search Button Is
 
Posts: 22
Join Date: May 2006
Model: 9000
Carrier: AT&T
Default 10-15-2007, 08:24 PM

Quote:
Originally Posted by stawBerry View Post
Im also having problems with this. First of all how do i even get the certification on to the blackberry.
hopefully this gets solved

thanks for your effort

I got my 8820 working today. I had to install the certificate on the BB. Once it was there, PEAP worked like a charm.
1. Install desktop manager
2. Make sure you install certificate sync
3. launch BBDM
4. Launch cert sync
5. Choose what cert you need
6. sync them.
7. run through WI-FI setup again and you should be connected!!
   
  (#11 (permalink)) Old
stawBerry Offline
New Member
 
Posts: 4
Join Date: Oct 2007
Model: 8320
PIN: N/A
Carrier: t-mobile
Default 10-15-2007, 10:29 PM

Thank you i had not installed the cert syn. Now i am just getting w010 failures
   
  (#12 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 11-09-2007, 03:42 PM

Sorry for not keeping this thread current but not much progress over the past month. Our case with RIM has been sent on to the senior developers now who are working with some WLAN specific developers. I suspect we have bug in the BB OS because if this were a simple misconfiguration issue we'd not have this case to this level at RIM.

I'll keep everyone posted.
   
  (#13 (permalink)) Old
BlackRabbit Offline
New Member
 
BlackRabbit's Avatar
 
Posts: 11
Join Date: Nov 2007
Model: 8820
PIN: N/A
Carrier: Orange - Vodafone
Default 11-14-2007, 02:27 AM

Hi,

just to let you konw you are not alone with this issue

I am in the same configuration : Cisco - LWAP - IAS Radius - AD
WPA2 - EAP-TLS - PEAP - MS Chap v2
My certificate is a Thawte SGC CA
After uploaded it on my terminal, got the same logs on my radius :
EAP-Type = <undetermined>
Reason-Code = 23
Reason = Unexpected error. Possible error in server or client configuration.


Wait news from RIM...


_________________________________________
BlackRabbit.fr BlackBerry French Blog
   
  (#14 (permalink)) Old
Thumbs Must Hurt
 
ashleyneiltaylor's Avatar
 
Posts: 163
Join Date: May 2005
Location: London UK
Model: Storm
Carrier: O2 & Vodafone
Default 11-14-2007, 07:53 AM

I had a problem setting up my 8120 today.

We are using PEAP and found that you do indeed require the Intermediate Certificate on your Blackberry and it is this certificate you select for CA Certificate in the options.

Selecting the CARoot certificate did not work.


Blackberry 9000 4.6.0.162/Domino 8.0.2/BES 4.1.6MR2
Blackberry Storm 4.7.0.76/BIS
   
  (#15 (permalink)) Old
BlackRabbit Offline
New Member
 
BlackRabbit's Avatar
 
Posts: 11
Join Date: Nov 2007
Model: 8820
PIN: N/A
Carrier: Orange - Vodafone
Default 11-15-2007, 02:42 AM

Quote:
Originally Posted by ashleyneiltaylor View Post
We are using PEAP and found that you do indeed require the Intermediate Certificate on your Blackberry and it is this certificate you select for CA Certificate in the options.
Selecting the CARoot certificate did not work.
We used the intermediate certificate too, but it doesn't help.

Oh, we use 8820 4.2.2.124 (2.4.0.58)
   
  (#16 (permalink)) Old
Thumbs Must Hurt
 
ashleyneiltaylor's Avatar
 
Posts: 163
Join Date: May 2005
Location: London UK
Model: Storm
Carrier: O2 & Vodafone
Default 11-15-2007, 05:40 AM

We are using Nortel Access Points with IAS. Without the correct certificate, it wouldn't even associate with an AP and you didn't get any logs on the IAS.

Because we don't broadcast our SSID, I have configured it the WLAN configuration on the BES.

Config is as follows

WLAN Link Security EAP-PEAP
WLAN SSID ****WLANNet
WLAN User Name bbwlanuser@*****
WLAN User Password ********
WLAN DHCP Configuration True
WLAN Inner Authentication Mode EAP-MSCHAPV2

The * is to blank at corporate names. All we then had to do was sync the certificates (Intermediate and Root because we use our own Certificate Authority)

Then set the profile to use the intermediate and that's all. If this doesn't work for you, I'd check the APs and Radius settings.


Blackberry 9000 4.6.0.162/Domino 8.0.2/BES 4.1.6MR2
Blackberry Storm 4.7.0.76/BIS
   
  (#17 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default RIM discovers root cause for this issue - 11-19-2007, 10:04 AM

We got an update from BlackBerry support on this issue this morning. Their senior development team discovered that the issue is with the signature algorithm that is used on the VeriSign root certificate.

The VeriSign root certificate (VeriSign Class 3 Public Primary CA – in our environment) uses MD2 with RSA encryption for the signature algorithm and MD2 is not supported in any BlackBerry OS at this time.

I think it would be safe to say that if any CA in your cert chain uses md2RSA as a signature algorithm, your authentication would be broken in the BlackBerry OS. (See attachment for sample certificate screenshot)

RIM has logged "bug" in their development tracking system, but so far has not committed a specific BB OS version for the fix.

We'll keep on top of this and keep you all posted.
Attached Images
File Type: jpg md2rsa.JPG (17.5 KB, 21 views)
   
  (#18 (permalink)) Old
Mikef1 Offline
New Member
 
Posts: 3
Join Date: Nov 2007
Model: 8820
PIN: N/A
Carrier: AT&T
Default 11-19-2007, 02:52 PM

Quote:
Originally Posted by pilotmike View Post
The VeriSign root certificate (VeriSign Class 3 Public Primary CA – in our environment) uses MD2 with RSA encryption for the signature algorithm and MD2 is not supported in any BlackBerry OS at this time.

I think it would be safe to say that if any CA in your cert chain uses md2RSA as a signature algorithm, your authentication would be broken in the BlackBerry OS.
That explains my issue.
Keep us updated!


thanks
Mike
   
  (#19 (permalink)) Old
BlackRabbit Offline
New Member
 
BlackRabbit's Avatar
 
Posts: 11
Join Date: Nov 2007
Model: 8820
PIN: N/A
Carrier: Orange - Vodafone
Default 11-21-2007, 10:16 AM

thanks, same configuration here. Our Thawte certificate is trusted by the same Verisign C3 md2RSA cert...


_________________________________________
BlackRabbit.fr BlackBerry French Blog
   
  (#20 (permalink)) Old
Mikef1 Offline
New Member
 
Posts: 3
Join Date: Nov 2007
Model: 8820
PIN: N/A
Carrier: AT&T
Default 12-18-2007, 05:17 PM

Any word on a resolution to this?


Mike
   
  (#21 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 12-19-2007, 10:21 AM

We check status with RIM every couple of weeks, but so far no information that this fix is into a production build yet.

If you are working with BlackBerry support on an issue similar to this, ask them to refer to software tracking number SDR153670. This is their internal defect id that the developers are writing their fix against. If we get enough people pushing on them for this fix, maybe it will help speed things along.

I'll share any non "NDA" (Non Disclosure Agreement) information I get with the group in this thread.
   
  (#22 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default Resolved - 01-12-2008, 09:07 PM

We got word from RIM last week that this issue has been fixed. Due to NDAs with the carriers RIM can not disclose to us the exact release numbers that contain the fix, however, the engineer indicated it was fixed in both 4.2 and 4.3 code.

It typically takes 2-3 months for the carriers to do their internal testing, so cross your fingers and hope for a software release coming soon containing this fix.
   
  (#23 (permalink)) Old
bajjisw Offline
Knows Where the Search Button Is
 
Posts: 35
Join Date: Dec 2007
Model: 8320
PIN: N/A
Carrier: t-mobile usa
Default 02-20-2008, 12:24 PM

hmmm. This is still listed as unresolved on the bb website.

PEAP fails with Verisign CA certificates
   
  (#24 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 02-20-2008, 08:19 PM

RIM has told us this is fixed in the next version(s) of software that has been released to the carriers for their certification process. In addition, they have told us they will not mark it as resolved in their knowledge base until the fix is publically available.

RIM's escalation team has assured us that this will be fixed in a maintenance release of the 4.2 OS as well as the 4.5 (formally known as 4.3) release.
We won’t know until we see the software, but like the rest of the world, we are anxious to get our hands on the 4.5 OS. Rest assured we’ll be testing this first thing when it is released.

If anyone experiencing this issue gets their hands on a beta release of this code, please report any findings.
   
  (#25 (permalink)) Old
John Clark Offline
BBF Moderator
 
John Clark's Avatar
 
Posts: 33,033
Join Date: Jun 2005
Model: 8900
OS: 4.6.1.250
PIN: s & needles
Carrier: of swine flu
Default 02-20-2008, 10:53 PM

We haven't seen any thing newer than .184 for 4.2 in ages.
   
  (#26 (permalink)) Old
mkp Offline
New Member
 
Posts: 5
Join Date: Apr 2008
Location: Richardson, TX
Model: 8820
OS: 4.2.2.169
PIN: N/A
Carrier: AT&T
Default 04-21-2008, 01:25 PM

Quote:
Originally Posted by pilotmike View Post
We got word from RIM last week that this issue has been fixed.
I suspect I am experiencing a similar issue with an md2 certificate my university uses on its Wi-Fi network (PEAP/EAP-MS-CHAP v2). The certificate is "Secure Server Certification Authority, RSA Data Security, Inc., US", and should already be on most Windows computers. The SHA1 thumbprint starts "44 63 C5 31 ...".

Anyway, both the synchronization tool and the phone show the certificate with a yellow question mark, rather than a green check. It is one of the few certificates that I am not allowed to select in the Wi-Fi setup tool. My Blackberry OS is 4.2.2.169 (Platform 2.4.0.67). On the "Details" page of the certificate, it shows "Weak Cert Chain", and "Root Certificate". It also shows "Good on Sat, Apr 19, ..." and "Explicitly Trusted".

If someone could tell me if this is the same thing, I'd appreciate it.
   
  (#27 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 04-22-2008, 08:30 AM

Quote:
Originally Posted by mkp View Post
I suspect I am experiencing a similar issue with an md2 certificate my university uses on its Wi-Fi network (PEAP/EAP-MS-CHAP v2). The certificate is "Secure Server Certification Authority, RSA Data Security, Inc., US", and should already be on most Windows computers. The SHA1 thumbprint starts "44 63 C5 31 ...".

Anyway, both the synchronization tool and the phone show the certificate with a yellow question mark, rather than a green check. It is one of the few certificates that I am not allowed to select in the Wi-Fi setup tool. My Blackberry OS is 4.2.2.169 (Platform 2.4.0.67). On the "Details" page of the certificate, it shows "Weak Cert Chain", and "Root Certificate". It also shows "Good on Sat, Apr 19, ..." and "Explicitly Trusted".

If someone could tell me if this is the same thing, I'd appreciate it.
The cert your university is using will always have a yellow question mark because it does not use strong certificate chaining (Root CA, Intermediary CA, etc). Despite that cert being good until 2010, VeriSign will not issue a new cert signed by that CA after sometime this year (and you have to specifically ask for it).

You are probably running into two issues in your setup. One, that cert is not an intermediary CA, so the BB will not let you select that cert in the Wi-Fi configuration for your SSID. Two, that cert does use the MD2 signature hashing algorithm which is not fixed until the 4.3/4.5 handheld software release which we have been waiting a very long time for.

We were initially told to expect the 4.3/4.5 software from the carriers in the March/April timeframe, but that was before RIM yanked some features out of that release at the last minute which caused some delays.
   
  (#28 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default Issue Confirmed Resolved on 8120 - 04-25-2008, 05:51 PM

Just a quick update: Today I had the chance to test our corporate Wi-Fi connectivity on a T-Mobile 8120 running BB OS 4.3.0.115 and I can confirm that this issue with the older signature hashing on certificates has been resolved.

We are still waiting for the "official" 4.3/4.5 OS to be released for the older Wi-Fi enabled Berries.

It is amazing that we worked with RIM back in November on this issue and it has taken almost 6 months to finally be able to test the production fix.
   
  (#29 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default KB Article Updated - 04-30-2008, 11:20 AM

RIM has updated the KB Article relating to this issue:

PEAP fails with Verisign CA certificates
   
  (#30 (permalink)) Old
donald1x Offline
New Member
 
Posts: 5
Join Date: Aug 2005
Location: Jakarta
Model: 8320
Carrier: Telkomsel
Default 05-09-2008, 04:00 AM

Wow, this exact problem has been bugging us for a bit now. As we deploy more and more wifi enabled blackberry (8820 and 8320) this is a request that I am starting to get regularly.

So far my solution is to let my users log on to the "guest" SSID that uses non PEAP logon, and give them year-long special users. not clean. So we are all rooting for the new OS.
   
  (#31 (permalink)) Old
Ford12acing Offline
New Member
 
Posts: 1
Join Date: May 2008
Model: 8320
PIN: N/A
Carrier: T-Mobile
Default 05-20-2008, 02:55 PM

we use PEAP on my office, i installed the certificate on my bb, BUT when i go to configure for PEAP the certificate is not on the list (but if i go under options menu, the certificate is in fact on the phone)....anyway around this?
   
  (#32 (permalink)) Old
mkp Offline
New Member
 
Posts: 5
Join Date: Apr 2008
Location: Richardson, TX
Model: 8820
OS: 4.2.2.169
PIN: N/A
Carrier: AT&T
Default 05-21-2008, 12:55 PM

Quote:
Originally Posted by pilotmike View Post
We are still waiting for the "official" 4.3/4.5 OS to be released for the older Wi-Fi enabled Berries.
This may be a bit offtopic, but do you know if all carriers release the OS at the same time, or if some carriers will release it before others? (I'm on AT&T.) I assume no one outside RIM knows yet when it'll be released, right? I'd still like to see if the root/intermediate thing is not a serious problem, since I can actually select one of two self-signed certs (not that it helps me connect, but it's a test), and both have a green check mark.
   
  (#33 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 05-21-2008, 03:21 PM

Quote:
Originally Posted by Ford12acing View Post
we use PEAP on my office, i installed the certificate on my bb, BUT when i go to configure for PEAP the certificate is not on the list (but if i go under options menu, the certificate is in fact on the phone)....anyway around this?
What kind of cert is it? (Root, CA, Personal?) Right now under 4.2 you can only select CA Certs in the Wi-Fi PEAP Setup.

Check your CA certs under: Options --> Security Options --> Certificates. Then press the BlackBerry Menu key and select 'Show CA Certs'. I'm guessing the cert you need is not in that particular list. This should be fixed in 4.3 when it is released.
   
  (#34 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 05-21-2008, 03:37 PM

Quote:
Originally Posted by mkp View Post
This may be a bit offtopic, but do you know if all carriers release the OS at the same time, or if some carriers will release it before others? (I'm on AT&T.) I assume no one outside RIM knows yet when it'll be released, right? I'd still like to see if the root/intermediate thing is not a serious problem, since I can actually select one of two self-signed certs (not that it helps me connect, but it's a test), and both have a green check mark.
I'm not really 100% sure how this all works and RIM would not really tell us when we were working with them on this issue. For this particular problem, RIM had the bug resolved way back in January. After RIM resolved the issue, it has to go to the carriers for their testing and customizations -- this can take 6 months plus, especially with the larger release jumps. (4.2 to 4.3) It is not, however, uncommon to see minor version difference across the various carriers. T-Mobile might release 4.2.2.188 and AT&T might release 4.2.2.192 but as far as a timeline amongst the carriers, I don’t know if RIM regulates that or if the carriers have some control.

The twist with OS 4.3/4.5 is that RIM yanked some features at the last minute which may have delayed this process or caused it to start over.

As a side note, we've recieved confirmation from our corporate T-Mobile Rep, that their internal BlackBerry folks are saying the Curve will not have a 4.3 release, but that the 4.5 code should be available sometime this "summer".
   
  (#35 (permalink)) Old
Sith_Apprentice Offline
Retired BBF Moderator
 
Sith_Apprentice's Avatar
 
Posts: 10,157
Join Date: Aug 2005
Model: 9000
OS: 4.6.0.xxx
Carrier: AT&T
Default 05-21-2008, 03:42 PM

only the 8110/8120/8130/8330 devices will have 4.3. There will be 4.5 for everything 87xx and newer at some point.
   
  (#36 (permalink)) Old
dasunst3r Offline
Thumbs Must Hurt
 
Posts: 136
Join Date: Jul 2008
Model: 8320
PIN: N/A
Carrier: T-Mobile
Default 07-25-2008, 08:06 PM

I have successfully associated my BlackBerry Curve 8320 (T-Mobile, version 4.2.2.180) to the 802.11bg wireless network at my university (more information: Public Internet Access - Overview). It uses 802.1x authentication too. I was initially unsuccessful using PEAP (default), but here are my settings that did work:
Code:
Security type: EAP-TTLS
Inner link security: MS-CHAP v2
When the network first rolled out, Linux users were instructed to use TTLS as the encryption method. That happened to work on Windows when I had to configure a few machines' ipw2200 and ipw3945 cards using Intel's utility. Try that and see if it works for you too. Good luck!

P.S. If you are in a big building with many access points, you should go back into the wireless profile and tick the box next to "Allow inter-access point handover"

Last edited by dasunst3r : 07-25-2008 at 08:15 PM.
   
  (#37 (permalink)) Old
pilotmike Offline
Knows Where the Search Button Is
 
pilotmike's Avatar
 
Posts: 19
Join Date: Oct 2007
Location: Kansas City
Model: 8320
Carrier: T-Mobile
Default 07-25-2008, 08:50 PM

Quote:
Originally Posted by dasunst3r View Post
I have successfully associated my BlackBerry Curve 8320 (T-Mobile, version 4.2.2.180) to the 802.11bg wireless network at my university (more information: Public Internet Access - Overview). It uses 802.1x authentication too. I was initially unsuccessful using PEAP (default), but here are my settings that did work:
Code:
Security type: EAP-TTLS
Inner link security: MS-CHAP v2
Glad to hear that you were able to get yours to work; several others have as well. The specific issue we were running into was that in our 802.1X implementation there was a Verisign certificate in the cert chain that was signed with the MD2 signature hashing algorithm. If you are "lucky" enough to have one of these certs signed with MD2 in your implementation, that issue is not fixed until the 4.3/4.5 handheld software releases. (T-Mobile Corporate Rep telling us September is the latest target date now for 4.5 OS on the 8320).

If your university does not have a cert in the cert chain signed with an MD2 hashing algorithm, you should be good to go.

Dear RIM/T-Mobile,
We are still waiting for the official 4.5 OS.
Sincerely,
Your Customers.
   
  (#38 (permalink)) Old
dasunst3r Offline
Thumbs Must Hurt
 
Posts: 136
Join Date: Jul 2008
Model: 8320
PIN: N/A
Carrier: T-Mobile
Default 07-25-2008, 11:47 PM

My network accepts either the "Thawte Premium Server CA" or the "Entrust.net Secure Server CA," if that rings any bells. The only thing I see with VeriSign is "VerSign WAP X509 Root."
   
  (#39 (permalink)) Old
efi Offline
New Member
 
Posts: 1
Join Date: Aug 2008
Location: Geneva
Model: 8820
OS: v4.2.2.12
PIN: N/A
Carrier: Orange
Unhappy how to use 8820 with Apple Airport extreme WPA2 - 08-03-2008, 04:23 PM

Hi,

does anyone know how to use a BB 8820 WiFi with an Apple Airport Extreme which is WPA2-protected? At the BB I only get WEP and PSK as options...

Many thanks & regards,

Efi
   
  (#40 (permalink)) Old
John Clark Offline
BBF Moderator
 
John Clark's Avatar
 
Posts: 33,033
Join Date: Jun 2005
Model: 8900
OS: 4.6.1.250
PIN: s & needles
Carrier: of swine flu
Default 08-03-2008, 06:31 PM

The BB historically hasn't played well with the Apple Airport Extreme. I suggest updating your OS to the latest 4.5 OS that is available and see if it will work. WPA should be an option on all OS's though.
   
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2009 BlackBerryFAQ.com, BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of Research In Motion Limited.